From 56f821d534d8219808ea773d6aa01a174529f344 Mon Sep 17 00:00:00 2001
From: TS-QD1
Date: Fri, 28 Mar 2025 11:13:03 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E5=A2=9E=E5=8A=A0access=5Ftoken?= =?UTF-8?q?=E8=BF=87=E6=BB=A4=E5=99=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 common/pom.xml | 5 ++
 .../client/auth/filter/UserTokenFilter.java | 4 +-
 .../oauth2/filter/AccessTokenFilter.java | 81 +++++++++++++++++++
 3 files changed, 88 insertions(+), 2 deletions(-)
 create mode 100644 module-oauth2-client/src/main/java/ink/wgink/module/oauth2/filter/AccessTokenFilter.java

diff --git a/common/pom.xml b/common/pom.xml
index 62a44302..3d99bab0 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -77,6 +77,11 @@ spring-security-web + + com.auth0 + java-jwt + 4.2.1 +
diff --git a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/auth/filter/UserTokenFilter.java b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/auth/filter/UserTokenFilter.java
index b9417fea..fd99db07 100644
--- a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/auth/filter/UserTokenFilter.java
+++ b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/auth/filter/UserTokenFilter.java
@@ -28,7 +28,7 @@ import java.io.IOException;
 
 @Order(value = Ordered.HIGHEST_PRECEDENCE)
 @Component
-@WebFilter(filterName = "ContentCachingFilter", urlPatterns = "/*")
+@WebFilter(filterName = "UserTokenFilter", urlPatterns = "/*")
 public class UserTokenFilter extends OncePerRequestFilter {
 private static final Logger LOG = LoggerFactory.getLogger(UserTokenFilter.class);
 private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
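Review bot: `java-jwt` 4.2.1 is added to common/pom.xml, yet nothing else in this patch references `com.auth0` — `AccessTokenFilter` delegates all token checking to its `IAccessTokenCheckFilter` hook and never parses a JWT itself. Because it lands in the `common` module it is presumably inherited by every other module, so an unused library widens the dependency surface for the whole build; if it is meant for an implementation that comes later, introduce it with that code. If it is intended for this commit, note that newer 4.x releases exist than 4.2.1, and that whichever verifier eventually uses it should pin the expected algorithm and check `exp`/`iss`/`aud` rather than merely decoding the token. The XML tags of this hunk appear to have been stripped in this rendering, so the exact `<dependency>` block is inferred from the surviving values.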
@@ -39,7 +39,7 @@ public class UserTokenFilter extends OncePerRequestFilter {
 String source = request.getHeader("X-SOURCE");
 if (StringUtils.isBlank(userId)) {
 Object springSecurityContext = request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
- if(!StringUtils.equals(source, "page")) {
+ if (!StringUtils.equals(source, "page")) {
 filterChain.doFilter(request, response);
 return;
 }
diff --git a/module-oauth2-client/src/main/java/ink/wgink/module/oauth2/filter/AccessTokenFilter.java b/module-oauth2-client/src/main/java/ink/wgink/module/oauth2/filter/AccessTokenFilter.java
new file mode 100644
index 00000000..6b7b737b
--- /dev/null
+++ b/module-oauth2-client/src/main/java/ink/wgink/module/oauth2/filter/AccessTokenFilter.java
@@ -0,0 +1,81 @@
+package ink.wgink.module.oauth2.filter;
+
+import ink.wgink.exceptions.SearchException;
+import ink.wgink.pojo.bos.RoleGrantedAuthorityBO;
+import ink.wgink.pojo.bos.UserInfoBO;
+import org.jsoup.internal.StringUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+@Order(value = Ordered.HIGHEST_PRECEDENCE)
+@Component
+@WebFilter(filterName = "AccessTokenFilter", urlPatterns = "/*")
+public class AccessTokenFilter extends OncePerRequestFilter {
+
+ private static final Logger LOG = LoggerFactory.getLogger(AccessTokenFilter.class);
+ @Autowired(required = false)
+ private IAccessTokenCheckFilter accessTokenCheckFilter;
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+ if (accessTokenCheckFilter == null) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+ String authorization = request.getHeader("Auth");
+ if (StringUtil.isBlank(authorization)) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+ if (!authorization.startsWith("Bearer ")) {
+ LOG.error("用户未登录,authorization异常");
+ response.setStatus(HttpStatus.UNAUTHORIZED.value());
+ }
+ String accessToken = authorization.replace("Bearer ", "");
+ UserInfoBO userInfo = accessTokenCheckFilter.getUserInfo(accessToken);
+ Set grantedAuthorities = new HashSet<>();
+ userInfo.getRoles().forEach(role -> {
+ RoleGrantedAuthorityBO roleGrantedAuthorityBO = new RoleGrantedAuthorityBO(role.getRoleId(), role.getRoleName(), Collections.emptyList(), Collections.emptyList(), Collections.emptyList(), Collections.emptyList(), Collections.emptyList());
+ grantedAuthorities.add(roleGrantedAuthorityBO);
+ });
+ UsernamePasswordAuthenticationToken userAuthenticationTokenResult = new UsernamePasswordAuthenticationToken(userInfo, null, grantedAuthorities);
+ SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder.getContextHolderStrategy();
+ SecurityContext context = securityContextHolderStrategy.createEmptyContext();
+ context.setAuthentication(userAuthenticationTokenResult);
+ securityContextHolderStrategy.setContext(context);
+ request.getSession().setAttribute("SPRING_SECURITY_CONTEXT", context);
+ filterChain.doFilter(request, response);
+ }
+
+ /**
+ * AccessToken校验过滤器
+ */
+ public interface IAccessTokenCheckFilter {
+
+ UserInfoBO getUserInfo(String accessToken);
+
+ }
+
+}
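Review bot: The `!authorization.startsWith("Bearer ")` branch sets a 401 but never returns, so the request still reaches `getUserInfo` with the raw header value, an `Authentication` is built from whatever that returns, and `filterChain.doFilter` runs with the 401 status already set on the response. In the same stretch a `null` from `getUserInfo` (the `IAccessTokenCheckFilter` contract does not say whether a bad token yields null or throws; `SearchException` is imported but unused) would NPE on `userInfo.getRoles()` and surface as a 500 instead of a 401. The rewrite below returns on both paths, uses `substring` instead of `replace` (which strips every occurrence of `"Bearer "`, not just the prefix), and declares the set as `Set<GrantedAuthority>` so the raw-type warning goes away and the `GrantedAuthority` import is used; `org.jsoup.internal.StringUtil` is an internal jsoup class, and the sibling `UserTokenFilter` already uses `StringUtils.isBlank` for the same check. Separately, `request.getSession().setAttribute("SPRING_SECURITY_CONTEXT", context)` turns a per-request bearer token into a server-side session that outlives the token's validity and creates a session for every API call; `UserTokenFilter` visibly reads that attribute, so confirm whether that coupling is intended before switching to `getSession(false)` or dropping the line.

```java
        if (!authorization.startsWith("Bearer ")) {
            LOG.error("用户未登录,authorization异常");
            response.setStatus(HttpStatus.UNAUTHORIZED.value());
            return; // without this the request continues with a 401 already set
        }
        String accessToken = authorization.substring("Bearer ".length());
        UserInfoBO userInfo = accessTokenCheckFilter.getUserInfo(accessToken);
        if (userInfo == null) {
            // token rejected by the check hook: do not build an Authentication from it
            response.setStatus(HttpStatus.UNAUTHORIZED.value());
            return;
        }
        Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
        // … unchanged: role -> RoleGrantedAuthorityBO mapping, SecurityContext setup, doFilter …
```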